by anonymousJim12
2779 days ago
Remote code execution doesn't really mean much in an unprivileged container. They could be using cgroup limits, capability drops, MAC, seccomp, etc. Now, I'm not saying that containers are super tight by default. It is entirely possible this particular container env is wide open, but I didn't really see anything too concerning from the parent's analysis.

It means pretty much everything. Have you ever heard of someone reporting an RCE in a major service and it being treated as no big deal? They're invariably treated as catastrophic compromise because it is. The jump from RCE to privilege escalation, escape, etc. is nothing compared to the actual RCE-ing.